diff options
Diffstat (limited to 'src/interfaces')
| -rw-r--r-- | src/interfaces/libpq/fe-connect.c | 11 | ||||
| -rw-r--r-- | src/interfaces/libpq/fe-secure-openssl.c | 15 | ||||
| -rw-r--r-- | src/interfaces/libpq/libpq-int.h | 1 |
3 files changed, 14 insertions, 13 deletions
diff --git a/src/interfaces/libpq/fe-connect.c b/src/interfaces/libpq/fe-connect.c index aeb64c5bca3..29054bad7b4 100644 --- a/src/interfaces/libpq/fe-connect.c +++ b/src/interfaces/libpq/fe-connect.c @@ -275,12 +275,9 @@ static const internalPQconninfoOption PQconninfoOptions[] = { "SSL-Mode", "", 12, /* sizeof("verify-full") == 12 */ offsetof(struct pg_conn, sslmode)}, - /* - * "sslcompression" is no longer used, but keep it present for backwards - * compatibility. - */ - {"sslcompression", NULL, NULL, NULL, - "SSL-Compression", "", 1, -1}, + {"sslcompression", "PGSSLCOMPRESSION", "0", NULL, + "SSL-Compression", "", 1, + offsetof(struct pg_conn, sslcompression)}, {"sslcert", "PGSSLCERT", NULL, NULL, "SSL-Client-Cert", "", 64, @@ -4054,6 +4051,8 @@ freePGconn(PGconn *conn) free(conn->sslcrl); if (conn->sslcrldir) free(conn->sslcrldir); + if (conn->sslcompression) + free(conn->sslcompression); if (conn->requirepeer) free(conn->requirepeer); if (conn->ssl_min_protocol_version) diff --git a/src/interfaces/libpq/fe-secure-openssl.c b/src/interfaces/libpq/fe-secure-openssl.c index c88dd3a1183..0fa10a23b4a 100644 --- a/src/interfaces/libpq/fe-secure-openssl.c +++ b/src/interfaces/libpq/fe-secure-openssl.c @@ -1257,8 +1257,13 @@ initialize_SSL(PGconn *conn) if (have_rootcert) SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, verify_cb); - /* disable SSL compression */ - SSL_set_options(conn->ssl, SSL_OP_NO_COMPRESSION); + /* + * Set compression option if necessary. + */ + if (conn->sslcompression && conn->sslcompression[0] == '0') + SSL_set_options(conn->ssl, SSL_OP_NO_COMPRESSION); + else + SSL_clear_options(conn->ssl, SSL_OP_NO_COMPRESSION); return 0; } @@ -1548,12 +1553,8 @@ PQsslAttribute(PGconn *conn, const char *attribute_name) if (strcmp(attribute_name, "cipher") == 0) return SSL_get_cipher(conn->ssl); - /* - * SSL compression is disabled, so even if connecting to an older server - * which still supports it, it will not be active. - */ if (strcmp(attribute_name, "compression") == 0) - return "off"; + return SSL_get_current_compression(conn->ssl) ? "on" : "off"; if (strcmp(attribute_name, "protocol") == 0) return SSL_get_version(conn->ssl); diff --git a/src/interfaces/libpq/libpq-int.h b/src/interfaces/libpq/libpq-int.h index 0965c5ac511..adf149a76f9 100644 --- a/src/interfaces/libpq/libpq-int.h +++ b/src/interfaces/libpq/libpq-int.h @@ -358,6 +358,7 @@ struct pg_conn char *keepalives_count; /* maximum number of TCP keepalive * retransmits */ char *sslmode; /* SSL mode (require,prefer,allow,disable) */ + char *sslcompression; /* SSL compression (0 or 1) */ char *sslkey; /* client key filename */ char *sslcert; /* client certificate filename */ char *sslpassword; /* client key file password */ |